FROM node:22.22.3-alpine3.23
# Build and runtime image for passport-jwt library
WORKDIR /usr/src/app
# Install dependencies using npm ci for reproducible builds
COPY package.json package-lock.json ./
RUN npm ci
# Copy the rest of the source code
COPY . .
# Build the project if a build step is defined
RUN npm run build --if-present
# Default command: indicate that the image is built and ready
CMD ["node", "-e", "console.log('passport-jwt library built and ready')"]
node_modules/ dist/ coverage/ .env *.log .DS_Store .git
Concerns: COPY . . after npm ci can overwrite node_modules if the repo contains them; this is typically mitigated by a .dockerignore excluding node_modules and build artifacts., Build relies on package-lock.json for npm ci; if it is not present, the build will fail.
Smoke [PASS]: npm test --silent
Smoke [FAIL]: node -e "try { const m = require('./'); console.log('module_type:' + typeof m); } catch (e) { console.error(e); process.exit(1); }
Output: sh: syntax error: unterminated quoted stringFROM node:22.22.3-alpine3.23 as build # Build stage for passport-jwt library WORKDIR /usr/src/app # Install dependencies COPY package.json package-lock.json ./ RUN npm ci # Copy source and build if present COPY . . RUN npm run build --if-present FROM node:22.22.3-alpine3.23 WORKDIR /usr/src/app # Copy package manifests and install dependencies for runtime COPY package.json package-lock.json ./ RUN npm ci --omit=dev # Copy built source COPY --from=build /usr/src/app/lib ./lib COPY --from=build /usr/src/app/index.js ./index.js 2>/dev/null || true # Also copy top-level package.json for consumers who rely on it COPY --from=build package.json ./package.json # Copy any other necessary files that may be required by consumers COPY --from=build docs ./docs 2>/dev/null || true # Expose a default command that doesn't execute tests by default CMD ["node","-e","console.log(\"passport-jwt library built and ready\")"]
Concerns: Dockerfile contains invalid COPY lines with shell redirection and '|| true' (e.g., 'COPY --from=build /usr/src/app/index.js ./index.js 2>/dev/null || true'). COPY is not executed through a shell, so these redirections will cause a build failure., Minor potential fragility: relying on optional copies (docs/index.js) with suppression may mask real missing files; better to conditionally copy only when present via separate build steps or ensure files exist.
FROM node:22.22.3-alpine3.23 AS build
WORKDIR /usr/src/app
# Install dependencies
COPY package.json package-lock.json ./
RUN npm ci
# Copy source and build if present
COPY . .
RUN npm run build --if-present
FROM node:22.22.3-alpine3.23
WORKDIR /usr/src/app
# Install runtime dependencies (exclude dev dependencies)
COPY package.json package-lock.json ./
RUN npm ci --omit=dev
# Copy built library into runtime image
COPY --from=build /usr/src/app/lib ./lib
# Ensure package.json is present for module resolution
COPY --from=build /usr/src/app/package.json ./package.json
CMD ["node", "-e", "console.log('passport-jwt library built and ready')"]
Concerns: COPY --from=build /usr/src/app/lib ./lib may fail if the build step does not create a lib directory (depends on npm run build output)., Final runtime image only ships lib and package.json; if the library expects additional runtime assets or a different build output (e.g., dist), the COPY could fail or produce an incomplete image., The CMD is a no-op message; consider adding a health or functional smoke test if possible, but not required.
Smoke [FAIL]: node -e \"require('./lib'); console.log('LIB_OK')\
Output: sh: syntax error: unexpected "("FROM node:22.22.3-alpine3.23 AS build
WORKDIR /usr/src/app
# Install dependencies and build (if a build script exists)
COPY package.json package-lock.json ./
RUN npm ci
# Copy the rest of the source and run an optional build
COPY . .
RUN npm run build --if-present
FROM node:22.22.3-alpine3.23
WORKDIR /usr/src/app
# Install runtime dependencies (exclude dev dependencies)
COPY package.json package-lock.json ./
RUN npm ci --omit=dev
# Copy the full repository from the build stage to ensure all files are present
COPY --from=build /usr/src/app/. ./
CMD ["node", "-e", "console.log('passport-jwt library built and ready')"]
Concerns: The final image copies the entire /usr/src/app from the build stage, including build-time artifacts; this can inflate image size and is not best practice., The CMD prints a static message rather than exercising runtime library behavior; smoke tests do not currently validate functional API usage.
Smoke [FAIL]: node -e "const m=require('./'); if (m && m.Strategy && typeof m.Strategy === 'function' && m.ExtractJwt) { console.log('ok'); } else { console.error('fail'); process.exit(1); }
Output: sh: syntax error: unterminated quoted string
Smoke [FAIL]: node -e "const p=require('./package.json'); if (p && p.name === 'passport-jwt') { console.log('ok'); } else { console.error('fail'); process.exit(1); }
Output: sh: syntax error: unterminated quoted stringFROM node:22.22.3-alpine3.23 AS build WORKDIR /workspace # Install dependencies and build (if a build script exists) COPY package.json package-lock.json ./ RUN npm ci # Copy the rest of the source and run an optional build COPY . . RUN npm run build --if-present FROM node:22.22.3-alpine3.23 WORKDIR /workspace # Install runtime dependencies (exclude dev dependencies) COPY package.json package-lock.json ./ RUN npm ci --omit=dev # Copy built library into runtime image COPY --from=build /workspace/lib ./lib # Copy main package.json to allow consumers to resolve the module COPY --from=build /workspace/package.json ./package.json # Do not define a default CMD; tests will supply their own commands
Concerns: Assumes build outputs to /workspace/lib; if library outputs to a different folder (e.g., dist), the runtime image will be missing the built artifact., Final stage also copies package.json from the build context and then overrides it with the one from the build stage; redundant and could be confusing. Consider removing one copy.
Smoke [PASS]: node -e "try { require('./lib'); console.log('LIB_OK'); } catch (e) { console.error(e.stack); process.exit(1); }" | grep -q LIB_OK